安装apache2虚拟主机并支持ssl(debian)

小乔

我的博客已迁移到xdoujiang.com请去那边和我交流
debian下安装apache2+ssl支持
一、虚拟主机
1、当前版本
cat /etc/debian_version
5.0.1
2、本机ip
ifconfig|awk -v RS="Bcast:" '{print $NF}'|awk -F: '/addr/{print $2}'
10.1.10.250
3、安装apache2的prefork模式
apt-get -y install apache2-mpm-prefork
apache2 -l|grep prefork.c
  prefork.c
4、支持php
apt-get -y install php5-cli
apt-get -y install libapache2-mod-php5
5、修改虚拟主机监听地址和端口
cat /etc/apache2/ports.conf
NameVirtualHost 10.1.10.250:80
Listen 10.1.10.250:80
6、我这里准备的是aaa.bbb.com域名(配置里注释掉的目前不用 根据情况使用 所以保留着)
cat /etc/apache2/sites-available/aaa.bbb.com

    ServerAdmin webmaster@localhost
    ServerName aaa.bbb.com
    DocumentRoot /var/www
   
        Options FollowSymLinks
        AllowOverride None
   
   
        Options -Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
   
#   ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
#   
#       AllowOverride None
#       Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
#       Order allow,deny
#       Allow from 127.0.0.1 localhost 10.1.0.0/24
#   
    ErrorLog /var/log/apache2/aaa.bbb.com_error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog /var/log/apache2/aaa.bbb.com_access.log combined
Alias /jimmy /var/www/ccc/

AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews SymLinksIfOwnerMatch IncludesNoExec

Order Allow,Deny
Allow from 10.0.0.0/8
#AuthName "by Restricted Area"
#AuthType basic
#AuthUserFile /etc/apache2/securepw
#require user www61com


Order deny,allow
Deny from all



7、创建网站目录ccc
mkdir /var/www/ccc -p
8、创建1个php测试文件   
cat /var/www/ccc/test.php
;  
9、激活站点
cd /etc/apache2/sites-available
a2ensite aaa.bbb.com
Enabling site aaa.bbb.com.
Run '/etc/init.d/apache2 reload' to activate new configuration!
10、修改/etc/hosts在最后添加二行
cat /etc/hosts
10.1.10.250 aaa.bbb.com
aaa.bbb.com 10.1.10.250
11、根据情况修改php配置文件(可以不修改)
cat /etc/php5/apache2/php.ini
expose_php = Off            #关闭版本号
display_errors = Off        #不显示错误
log_errors on               #提供错误日志
12、全部配置完后需要重启apache2
/etc/init.d/apache2 restart
13、使用域名访问测试
如果在windows机器上测试的话 可以修改hosts我这边修改过了
访问aaa.bbb.com/ccc/test.php就可以看到以下图片了

二、支持ssl
1、建立ssl目录
mkdir /etc/apache2/ssl -p
2、创建一个证书(时间365天)并填写相关一些信息
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/aaa.bbb.com.key -out /etc/apache2/ssl/aaa.bbb.com.crt
Generating a 2048 bit RSA private key
......+++
....+++
writing new private key to '/etc/apache2/ssl/aaa.bbb.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:sh
Locality Name (eg, city) []:shanghai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:aaa
Organizational Unit Name (eg, section) []:aaa
Common Name (eg, YOUR name) []:aaa
Email Address []:aaa@163.com
3、aaa.bbb.com的ssl域名
cat /etc/apache2/sites-available/aaa.bbb.com-ssl

    ServerAdmin webmaster@localhost
    ServerName aaa.bbb.com
    SSLEngine On
    SSLCertificateKeyFile /etc/apache2/ssl/aaa.bbb.com.key
    SSLCertificateFile /etc/apache2/ssl/aaa.bbb.com.crt
Alias /jimmy /var/www/ccc/
   
        Options FollowSymLinks +Execcgi
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 10.0.0.0/8
   
    ErrorLog /var/log/apache2/aaa.bbb.com_ssl.error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog /var/log/apache2/aaa.bbb.com_ssl.access.log combined

4、开启ssl模块支持
cd /etc/apache2/mods-available
a2enmod ssl
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 restart' to activate new configuration!
5、开启aaa.bbb.com-ssl站点
cd /etc/apache2/sites-available
a2ensite aaa.bbb.com-ssl
Enabling site aaa.bbb.com-ssl.
Run '/etc/init.d/apache2 reload' to activate new configuration!
6、配置443端口
cat /etc/apache2/ports.conf
NameVirtualHost 10.1.10.250:80
Listen 10.1.10.250:80
NameVirtualHost 10.1.10.250:443

    # SSL name based virtual hosts are not yet supported, therefore no
    # NameVirtualHost statement here
    Listen 10.1.10.250:443

7、全部配置完后需要重启apache2
/etc/init.d/apache2 restart
8、查看监听端口
netstat -tupnl |grep apache2
tcp        0      0 10.1.10.250:80          0.0.0.0:*               LISTEN      5460/apache2   
tcp        0      0 10.1.10.250:443         0.0.0.0:*               LISTEN      5460/apache2
9、使用域名访问测试
如果在windows机器上测试的话 可以修改hosts我这边修改过了
访问https://aaa.bbb.com/ccc/test.php就可以看到以下图片了

三、参考文档
http://httpd.apache.org/docs/2.2/